It is normally a good idea to take the configuration of your existing (working!) kernel as a starting point for the configuration of your new kernel. Usually the current kernel configuration is saved in a file under /boot, e.g. /boot/config-2.4.18-bf2.4. We will load this configuration and then do the changes we desire (e.g. add quota support, iptables support, etc.).

Change the kernel configuration where the error occurs (e.g., the compilation often gives back errors for some WAN modules, so leave them out if you do not need them). If no error occurs you will find the new kernel as a Debian package called kernel-image-2.4.23_custom.1.0_i386.deb under /usr/src.

cd ../

Now you can install the new kernel by doing the following:

dpkg -i kernel-image-2.4.23_custom.1.0_i386.deb

We are almost finished now. Reboot your machine:

shutdown -r now

and if everything is ok your machine should come up with the new kernel. You can run

Saturday, March 26, 2005

A report released today (by Security Innovations) indicates Windows Server 2003 may actually be more secure than its most popular Linux competitor when it comes to vulnerabilitiesand the time it takes to patch them. Paper is at,

“This study appears to be more concerned with vulnerability counts and patch-release cycles than in actual security or securability.”

here’s the method:

In the Security Innovation report, the trio took requirements for three typical enterprise Web server environments and scrutinized known vulnerabilities and subsequent patches. The Windows Server 2003 platform included ASP.NET for scripting, a SQL Server 2000 database server and Microsoft Internet Information Services 6.0 Web server. Any function was accepted by default during installation (assuming many admins just keep clicking the Next button during the process). On the Linux side, the team used two different configurations for Red Hat Enterprise Linux 3.0. Both ran PHP for scripting, a MySQL database server and an Apache Web server. But one version included high modularity, where essentially the researchers installed whatever Red Hat had available; the other was minimally configured to include only core components.

the problem is..

“Most of us in the Linux security community have been saying for years that the average Linux distribution — Red Hat, SuSE, etc. — isn’t terribly secure ‘by default.’ Good security comes from careful configuration, not by running an installer,”

Todays Security advice from Secunia for Mandrake 10.1 is that all known vulnerabilities are patched see http://secunia.com/product/4198/ Todays Security advice from Secunia for Windows Server 2003 has 13% of known vulnerabilities not patched see http://secunia.com/product/1173/ and 4 of these problems date back to 2003! So the maximum time MS takes to patch vulnerabilities in Server 2003 is 2 years and still counting - where is that mentioned in this “research”?

Sunday, March 20, 2005

Got an ancient Ultra Sparc II (sun4m) whose task before is a firewall running on Solaris 2.6, it's got 448MB RAM and 10Mpbs Quad Ethernet port. I decided to install Debian on it as it's the only distro that supports sun4m, AFAIK. I had a hard time looking for Gentoo support but it was my first choice. I initially installed Debian3 Woody for SPARC. But I went into problems during the reboot to continue my installation for the base packages, because of the old PROM that does not support more than one 1GB under the /boot partition, the error was: